Transmission Control Protocol (TCP) Settings

Specific network settings depend on the platform. On some systems, you
can enhance Directory Server performance by modifying TCP settings.

Note –

First deploy your directory service, then consider tuning these
parameters, if necessary.

This section discusses the reasoning behind idsktune recommendations
that concern TCP settings, and provides a method for tuning these settings
on Solaris 10 systems.

Inactive Connections

Some systems allow you to configure the interval between transmission
of keepalive packets. This setting can determine how long
a TCP connection is maintained while inactive and potentially disconnected.
When set too high, the keepalive interval can cause the
system to use unnecessary resources to keep connections for clients that have
become disconnected. For most deployments, set this parameter to a value of
600 seconds. This value, which is 600,000 milliseconds, or 10 minutes, allows
more concurrent connections to Directory Server.

When set too low, however, the keepalive interval
can cause the system to drop connections during transient network outages.

On Solaris systems, this time interval is configured through the tcp_keepalive_interval parameter.

Outgoing Connections

Some systems allow you to configure how long a system waits for an outgoing
connection to be established. When set too high, establishing outgoing connections
to destination servers such as replicas not responding quickly can cause long
delays. For Intranet deployments on fast, reliable networks, you can set this
parameter to a value of 10 seconds to improve performance. Do not, however,
use such a low value on networks with slow, unreliable, or WAN connections,
however.

On Solaris systems, this time interval is configured through the tcp_ip_abort_cinterval parameter.

Retransmission Timeout

Some systems allow you to configure the initial time interval between
retransmission of packets. This setting affects the wait before retransmission
of an unacknowledged packet. When set too high, clients can be kept waiting
on lost packets. For Intranet deployments on fast, reliable networks, you
can set this parameter to a value of 500 milliseconds to improve performance.
Do not, however, use such a low value on networks with round trip times of
more than 250 milliseconds.

On Solaris systems, this time interval is configured through the tcp_rexmit_interval_initial parameter.

Sequence Numbers

Some systems allow you to configure how the system handles initial sequence
number generation. For extranet and Internet deployments, set this parameter
so initial sequence number generation is based on RFC 1948 to prevent sequence
number attacks. In such environments, other TCP tuning settings mentioned
here are not useful.

On Solaris systems, this behavior is configured through the tcp_strong_iss parameter.

Tuning TCP Settings on Solaris 10 Systems

On Solaris 10 systems, the simplest way to tune TCP settings is to create
a simple SMF service as follows:

Create an SMF profile for Directory Server tuning.

Edit the following xml file according to your environment
and save the file as /var/svc/manifest/site/ndd-nettune.xml.